Google Admits It Bypassed Apple's Browser Cookie Blockers

Below:

Next story in Security

Google and three other online advertising companies bypassed the
default settings in Apple's Safari browser and on iOS devices in
order to track Web users, the Wall Street Journal reported on its
front page Friday morning.

"The companies used special computer code that tricks Apple's
Safari Web-browsing software into letting them monitor many
users," the Journal reported. "Safari, the most
widely used browser on mobile devices, is designed to block
such tracking by default."

Google admitted to the Journal that it had been doing so, and
disabled the workaround last night (Feb. 16) after having been
contacted by the newspaper.

However, Google also issued a statement: "The Journal
mischaracterizes what happened and why. We used known Safari
functionality to provide features that signed-in Google users had
enabled. It's important to stress that these advertising cookies
do not collect personal information."

In addition to DoubleClick, which Google owns, the other three
online ad-placement companies that used similar workarounds were
Vibrant Media Inc., Media Innovation Group LLC, owned by WPP, and
PointRoll Inc., owned by Gannett. Vibrant defended its practices
to the Journal, WPP chose not to comment and PointRoll claimed to
be ignorant of the practice.

Safari is special

Unlike other Web browsers, Apple's Safari automatically disables
most
ad-based tracking cookies, which log your movements around
the Internet and transmit them back to a central server. Safari
is the default browser on Macintosh computers and on iOS devices
such as iPads and iPhones, though other browsers can be
installed.

However, Safari does allow tracking cookies if the user interacts
with an ad somehow, such as by filling out a form. Google and the
three other companies took advantage of that feature by inserting
a
piece of code in ads that made Safari think a form had been
filled out.

In Google's case, the workaround cookie was set to detect whether
a user had signed into Google's Google+ social network. If so,
the cookie tracked the user for 24 hours; if not, it was left
blank and expired after 12 hours.

Google had built its workaround solely to track signed-in Google+
users, but the Journal explained that a "technical quirk" of
Safari meant any ad placed by Google could also place tracking
cookies.

"We didn't anticipate that this would happen," a Google
spokesperson told the Journal. "These advertising cookies do not
collect personal information."

But is it so bad?

Not everyone shared the Journal's judgment that Google's actions
constituted a major breach of privacy.

"Apple's mobile version of Safari broke with common Web practice,
and as a result, it broke Google's normal approach to engaging
with consumers. Was Google's 'normal approach' wrong?" wondered
tech entrepreneur and writer John Battelle on his personal blog. "One can debate
whether setting cookies should happen by default — but the
fact is, that's how it's done on the open Web."

Battelle also questioned why Apple disabled tracking cookies on
its browsers in the first place.

"Do you think it's because Apple cares deeply about your
privacy?" he wondered. "Might it be possible that Apple is using
data as its weapon, dressed up in the PR-friendly clothing of
'privacy protection' for users?"